AWS is a really amazing set of tools but when using it properly you want to ensure that you are running it using least privileged access. When testing this you often get a series of messages with the dreaded text of:

You are not authorized to perform this operation. Encoded authorization failure message…

Which is followed by an encoded string which is next to useless in working out what has gone wrong. As always, the fix can be found in the AWS CLI, specifically the decode-authorization-message. To decode the message run the following command:

Now once again, not incredibly clear but by looking at it more closely you can see that it was denied ("allowed":false) when trying to execute the action "action":"iam:PassRole". In order to fix this problem I need to grant the User the iam:PassRole permission.

Now for those that don’t know, AWS have a really handy feature called SSM (Simple Systems Manager) which allows you to perform simple actions against either Windows or Linux hosts.

I am attempting to domain join a Windows 2016 instance to an AWS AD Enterprise Directory Service and am not having any joy. This document details my experiences and the (I hope) fix.

The SSM Document that I am using is pretty simple and is as follows:

{"description":"Join instances to an AWS Directory Service domain.","runtimeConfig":{"aws:domainJoin":{"properties":{"directoryOU":"ou=Computers,ou=domain.local","directoryId":"d-97673d0000","directoryName":"domain.local"}}},"schemaVersion":"1.2"}

Instance not joining the domain

I am provisioning the instance using CloudFormation and it should be joining
the domain on startup. The CloudFormation stack executes OK and the instance
can be logged on using the password obtained through the AWS console.

I have recently returned from Canada and in all my experience I have never visited a country that is so similar to Australia. On a whole range of issues we have a similar background - geography (both big and sparsely populated) and culture (former British colony, similar political systems), economic (similar currency strengths, both resource heavy economies) but for some reason our internet access just sucks whereas theirs is actually really good.

Add to this, I didn’t see any evidence in Canada that their government fixed their internet access - if anything their government seems more hopeless at things than ours…

So I thought, why did Canada get decent Internet without a ridiculously expensive NBN?

Now I grant that Telstra isn’t the best internet provider in Australia but Rogers is a similar company to Telstra in that they appear to be the biggest provider (at least in Toronto), but the fact of the matter is that the costs are similar but the provided service is significantly worse in Australia… now we can complain but the big question is… why? Why do we need the NBN when Canada didn’t have to have one and ended up with a better service?

I was in Canada for 9 months and believe that I know the answer to this question. The answer is sport… in Australia we can watch most things that we need on free to air TV. The only people who get cable in Australia are those sport nuts who need to watch every AFL/EPL/Cricket/League/Union game. In Australia, the big sporting events are on free to air TV - cricket, league, union, afl.. all of it. I can be a sports nut and watch most of what I want. What else does free to air TV have? - no infrastructure - as long as you can receive the signal you can get it. That means that the rollout of highspeed network infrastructure that is required to support cable in Australia just hasn’t happened.

In Canada, they love ice hockey as much as we love AFL/EPL/Cricket/League/Union (possibly more so), and you cannot watch a game of the Toronto Maple Leafs without watching it on cable. Every house that I visited had cable in Canada but thinking it through I only know one person in Australia that has cable.

What does this mean, this means that the cable companies in Canada have the infrastructure in place to support highspeed internet whereas in Australia we don’t because our entertainment comes from “dumb” free to air towers. In short, I now blame our free access to sport as the reason that we have rubbish internet.

That said, why is the NBN so rubbish - and lets call a spade a spade and say that Labor stuffed it and so did the Liberals (and I am a Liberal supporter). The next government (whoever wins) isn’t going to make it better because fundamentally it is stuffed and to say otherwise is in my opinion to defy reality. I thought it was a dud when it started and it is still a dud and I suspect it will never complete… Why do I think that… for this reason.

If you were going to rollout the service, how would you do it? I would suggest the following:

You would roll it out initially in the place where it would have the highest penetration. You are looking for high density areas in large cities with rows of apartment blocks and people living in them that will pay for high speed internet. This will keep your per customer rollout costs low. You will then use these areas to fund rollouts to less high density areas (aka suburbia) and finally you will move out to rural areas (possibly with government support to enable equality of service where it is not economically viable). And you can see this in the way mobile systems are rolled out - the first place they are putting 4G towers is in the CBD and then pushing them out from there.

How did the NBN do it? The initial rollout was to Tasmania, then Armidale - could you choose worse places if you tried? Brilliant - and we wonder it isn’t rolling out as quickly as we think.

Lastly, it is interesting to compare something that doesn’t have an NBN, lets look at phone prices between Telstra and Rogers

Country

Provider

Cost per Month

Talk

Text

Data

Canada

Rogers

CAD 105.00

Unlimited

Unlimited

5Gb

Australia

Telstra

AUD 60.00

Unlimited

Unlimited

10Gb

In closing, the next time you curse your rubbish internet connection - blame the Australian Cricket Team - it is their fault, then blame the government - but don’t be surprised they stuffed it up, they are the government after all!